see sharp RSS 2.0
# Tuesday, 03 March 2009
Working with a Microsoft CA, you often need to query the CA's database.
To determine the schema of the database you can use certutil to view it:

certutil -schema

this will list the columns, their types, their length and if they are indexed.

c:\Program Files\Microsoft Visual Studio 8\VC>certutil -schema
Column Name Localized Name Type MaxLength
---------------------------- ---------------------------- ------ ---------
Request.RequestID Request ID Long 4 -- Indexed
Request.RawRequest Binary Request Binary 65536
Request.RawArchivedKey Archived Key Binary 65536
Request.KeyRecoveryHashes Key Recovery Agent Hashes String 8192
Request.RawOldCertificate Old Certificate Binary 16384
Request.RequestAttributes Request Attributes String 32768
Request.RequestType Request Type Long 4
Request.RequestFlags Request Flags Long 4
Request.StatusCode Request Status Code Long 4
Request.Disposition Request Disposition Long 4 -- Indexed
Request.DispositionMessage Request Disposition Message String 8192
Request.SubmittedWhen Request Submission Date Date 8
Request.ResolvedWhen Request Resolution Date Date 8 -- Indexed
Request.RevokedWhen Revocation Date Date 8
Request.RevokedEffectiveWhen Effective Revocation Date Date 8 -- Indexed
Request.RevokedReason Revocation Reason Long 4
Request.RequesterName Requester Name String 2048 -- Indexed
Request.CallerName Caller Name String 2048 -- Indexed
Request.SignerPolicies Signer Policies String 8192
Request.SignerApplicationPolicies Signer Application Policies String 8192
Request.Officer Officer Long 4
Request.DistinguishedName Request Distinguished Name String 8192
Request.RawName Request Binary Name Binary 4096
Request.Country Request Country/Region String 8192
Request.Organization Request Organization String 8192
Request.OrgUnit Request Organization Unit String 8192
Request.CommonName Request Common Name String 8192
Request.Locality Request City String 8192
Request.State Request State String 8192
Request.Title Request Title String 8192
Request.GivenName Request First Name String 8192
Request.Initials Request Initials String 8192
Request.SurName Request Last Name String 8192
Request.DomainComponent Request Domain Component String 8192
Request.EMail Request Email Address String 8192
Request.StreetAddress Request Street Address String 8192
Request.UnstructuredName Request Unstructured Name String 8192
Request.UnstructuredAddress Request Unstructured Address String 8192
Request.DeviceSerialNumber Request Device Serial Number String 8192
RequestID Issued Request ID Long 4 -- Indexed
RawCertificate Binary Certificate Binary 16384
CertificateHash Certificate Hash String 128 -- Indexed
CertificateTemplate Certificate Template String 254 -- Indexed
EnrollmentFlags Template Enrollment Flags Long 4
GeneralFlags Template General Flags Long 4
SerialNumber Serial Number String 128 -- Indexed
IssuerNameID Issuer Name ID Long 4
NotBefore Certificate Effective Date Date 8
NotAfter Certificate Expiration Date Date 8 -- Indexed
SubjectKeyIdentifier Issued Subject Key Identifier String 128
RawPublicKey Binary Public Key Binary 4096
PublicKeyLength Public Key Length Long 4
PublicKeyAlgorithm Public Key Algorithm String 254
RawPublicKeyAlgorithmParameters Public Key Algorithm Parameters Binary 4096
UPN User Principal Name String 2048 -- Indexed
DistinguishedName Issued Distinguished Name String 8192
RawName Issued Binary Name Binary 4096
Country Issued Country/Region String 8192
Organization Issued Organization String 8192
OrgUnit Issued Organization Unit String 8192
CommonName Issued Common Name String 8192 -- Indexed
Locality Issued City String 8192
State Issued State String 8192
Title Issued Title String 8192
GivenName Issued First Name String 8192
Initials Issued Initials String 8192
SurName Issued Last Name String 8192
DomainComponent Issued Domain Component String 8192
EMail Issued Email Address String 8192
StreetAddress Issued Street Address String 8192
UnstructuredName Issued Unstructured Name String 8192
UnstructuredAddress Issued Unstructured Address String 8192
DeviceSerialNumber Issued Device Serial Number String 8192

CertUtil: -schema command completed successfully.
c:\Program Files\Microsoft Visual Studio 8\VC>

Tuesday, 03 March 2009 18:36:20 (Mitteleuropäische Zeit, UTC+01:00)  #    -
anything else
# Saturday, 21 February 2009
For some reason I needed to add a Control to a Toolstrip. There are some ToolStrip enabled controls in the framework, but I needed a checkbox.
So, after a short time with Windows Live Search, I found the  ToolStripControlHost class which comes quite handy for that task.
Just create your control, create a  ToolStripControlHost , and add that to the toolstrip.
Voila, thats it.

CheckBox cb = new CheckBox();
cb.Text = "Test";

ToolStripControlHost ch = new ToolStripControlHost(cb);

this.toolStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { ch });

MSDN describes that  here in great detail...

Saturday, 21 February 2009 14:54:17 (Mitteleuropäische Zeit, UTC+01:00)  #    -
# Friday, 20 February 2009
Basic Authenitcation is a - not so secure - method of authenticating users to a web server.
The username and password are sent in the HTTP request header with Base64 "encryption" which is as good as plain text.
However at some point you may have or may want to do just that, either because there is still no trust between organizations (believe me, the world is good :-)) or just because its too easy and other methods are way too hard to implement.
Now there you are, how do you add a header to a HttpRequest in plain c#?

Follow these steps:

  1. Generate the proxy using WSDL.EXE. Search MSDN on how to do that.
  2. Add this function to the partial class:

    protected override System.Net.WebRequest GetWebRequest(Uri uri)
          HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(uri);
          if (PreAuthenticate)
                NetworkCredential networkCredentials = Credentials.GetCredential(uri, "Basic");
                if (networkCredentials != null)
                      byte[] credentialBuffer = new UTF8Encoding().GetBytes(networkCredentials.UserName +":" + networkCredentials.Password);
                      // Note the space after Basic
                      request.Headers["Authorization"] = "Basic " + Convert.ToBase64String(credentialBuffer);
                      throw new ApplicationException("No network credentials");
          return request;

  3. within the client using your proxy add the following:

    // these are NOT my real credentials
    NetworkCredential netCredential = new NetworkCredential("Elvis", "Graceland");
    Uri uri = new Uri(svc.Url);
    ICredentials credentials = netCredential.GetCredential(uri, "Basic");
    svc.Credentials = credentials;
    // set PreAuthenticate as it is checked !!!
    svc.PreAuthenticate = true;

Thats it....

Friday, 20 February 2009 14:48:23 (Mitteleuropäische Zeit, UTC+01:00)  #    -
C# | Webservices | Authentication
# Friday, 13 February 2009
A trace filter is a nice thing, it can decide whether to log a message or not.

Two filters exist in the framework, and they are covered widely on MSDN.

Writing a custom filter is quite easy.
Just derive your filter class from  TraceFilter, override the one and only method ShouldTrace (which returns bool) and there you go.

Now the only thing left is to add the filter to the listener in your applications config file.

Happy Tracing...

Oh yes, here are the files:
Friday, 13 February 2009 14:35:41 (Mitteleuropäische Zeit, UTC+01:00)  #    -
Tracing | C#
So, ever played to much with a CLM test or demo environment and the database is full of old requests?
You can clean the database by running the ILM configuration wizard.
The wizard wil drop (and recreate) the database as part of the final configuration.
If you want the certificates from your current installation, don't let the wizard create new service account certificates.
There is a checkbox for this option.
I've done this for CLM 2007 (FP1) but I did not test it for newer releases (so i give no warranties).

Friday, 13 February 2009 14:28:44 (Mitteleuropäische Zeit, UTC+01:00)  #    -
# Wednesday, 11 February 2009
There are two possible reasons for a BIND Problem in CLM
  1. Not in trusted sites
    If working with CLM, be sure to add the CLM website to your browsers Trusted Site list.
    Many problems like links that do not work, Active Directory (AD) Bind problems and of course ActiveX problems

  2. Service Principal names
    In order for Kerberos to work the SPN must be correctly set. Verify its setting by issuing SETSPN -l MYDOMAIN\serviceaccount where the serviceaccount is the account the IIS App Pool is running.
    It should contain something like
    If you are using WIndows 2008 you can check for duplicate SPNs by issuing setspn -X
Wednesday, 11 February 2009 14:20:08 (Mitteleuropäische Zeit, UTC+01:00)  #    -
Authentication | CLM
<2009 March>
About the author/Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
Any link on this site may lead to an external website that is not under my control and that external website might show an opinion that is not mine.

© Copyright 2018
Hannes Köhler
Sign In
Total Posts: 39
This Year: 0
This Month: 0
This Week: 0
Comments: 1
All Content © 2018, Hannes Köhler
DasBlog theme 'Business' created by Christoph De Baene (delarou)